Twifag ruin: Round 2

After the massively successful raid on twilighters.org we are continuing our crusade against the jizzstain that are twifaggots on the internet. We will not stop until they are all scared shitless to start another fucking stupid fansite or post about their retarded obsessions with Jacob's dick.

Example of our ruins

alright. you know its acutally great that we have info now. we had none yesturday and i was alone with the hacker for an hour :( it was sad and gross. but soph saved the day!!! your a great mod. and chris you did a good job too, because i didn't think the hacker deleting everything could be fixed

Our new target is The Twilight Forums

What we know:

They have an IRC network at irc.ipocalypse.net It's run by some faggot named Eric who is also apparently in charge of the server. It also hosts ipocalypse.net and hpforums.org

How you can help:

- Troll them mercilessly on the forums.

- Dox them, and refer to this for further tactics

- If you're a 1337 h4x0r on steroids join irc.partyvan.info #insurgency / #808 on irc.tr0ll.us or irc://irc.helldive.org/twifags if you're a faggot.

- Make them cry/puke/feel pain

As always, current information can be found on IRC. Rest assured we have 1337 skiddies working around the clock to h4x them, but we can't do it without YOUR help.

Dox/Ip addresses

Name: therock247uk

IP address: 82.9.89.46

Host name:cpc2-nwrk3-0-0cust301.nott.cable.ntl.com

Status: Ipocalypse.net administrator

-will be updated with moar info

- Nikto v2.1.1

---

+ Target IP: 62.212.84.82 + Target Hostname: thetwilightforums.com + Target Port: 80 + Start Time: 2010-05-12 19:30:47

---

+ Server: lighttpd/1.4.19

+ No CGI Directories found (use '-C all' to force check all possible dirs)

+ Retrieved X-Powered-By header: PHP/5.2.6-1+lenny6

+ lighttpd/1.4.19 appears to be outdated (current is at least 1.4.23)

+ Allowed HTTP Methods: OPTIONS, GET, HEAD, POST

+ /config.php: PHP Config file may contain database IDs and passwords.

+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain

specif ic QUERY strings.

+ OSVDB-561: /server-status: This reveals Apache information. Comment out approp riate line in httpd.conf or restrict access to allowed hosts.

+ OSVDB-3092: /adm/: This might be interesting...

+ OSVDB-3092: /download/: This might be interesting...

+ OSVDB-3092: /files/: This might be interesting...

+ OSVDB-3092: /includes/: This might be interesting...

+ OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and shou ld be protected or limited to authorized hosts.

+ OSVDB-3092: /store/: This might be interesting...

+ OSVDB-3268: /docs/: Directory indexing is enabled: /docs

+ OSVDB-3268: /styles/: Directory indexing is enabled: /styles

+ 3823 items checked: 14 item(s) reported on remote host

+ End Time: 2010-05-12 19:32:04 (77 seconds)

---

Ports:

22/tcp open ssh OpenSSH 5.1p1 Debian 5 (protocol 2.0).

53/tcp open domain ISC BIND 9.5.1-P3.

80/tcp open http lighttpd 1.4.19.

111/tcp open rpcbind 2 (rpc #100000).

RE: BIND on :53

Reported by NVT "ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability" (1.3.6.1.4.1.25623.1.0.100362):

Overview:

ISC BIND 9 is prone to a remote cache-poisoning vulnerability. An attacker may leverage this issue to manipulate cache data,potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to the following are vulnerable:

BIND 9.4.3-P4 BIND 9.5.2-P1 BIND 9.6.1-P2

References:

http://anonym.to/?http://www.securityfocus.com/bid/37118

http://anonym.to/?https://www.isc.org/node/504

http://anonym.to/?http://www.isc.org/products/BIND/

CVE : CVE-2009-4022

BID : 37118